惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
Apple Machine Learning Research
Apple Machine Learning Research
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
Security Archives - TechRepublic
Security Archives - TechRepublic
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
博客园 - 司徒正美
T
The Blog of Author Tim Ferriss
J
Java Code Geeks
宝玉的分享
宝玉的分享
小众软件
小众软件
博客园_首页
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Spread Privacy
Spread Privacy
I
InfoQ
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
M
MIT News - Artificial intelligence
爱范儿
爱范儿
The Cloudflare Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tenable Blog
S
Securelist
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
O
OpenAI News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes
PCI Perspectives
PCI Perspectives
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Threat Research - Cisco Blogs
L
LINUX DO - 热门话题
I
Intezer
Scott Helme
Scott Helme
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cybersecurity and Infrastructure Security Agency CISA
Google Online Security Blog
Google Online Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security Affairs
AI
AI
AWS News Blog
AWS News Blog
Security Latest
Security Latest

MongoDB | Blog

10 Years of MongoDB Atlas: Built for what’s Next Build Trust in Agentic AI: From POC to Production Production-Ready Agents Need A Production-Ready Data Platform Agentic Supplier Management with MongoDB Atlas, Voyage AI, and Multi-Modal Search Fighting Tool Sprawl: The Case for AI Tool Registries AI Is Changing What Customers Need From a Database. MongoDB 8.3 Is Built for It New Research Reveals Overcoming Legacy Tech Issues Key to AI Success MongoDB Predictive Auto-Scaling: An Experiment Introducing MongoDB Agent Skills and Plugins for Coding Agents Enhance Your In-IDE Data Browsing Experience With MongoDB Observability and OpenTelemetry: Introducing MongoDB Atlas Log Integration Towards Model-based Verification of a Key-Value Storage Engine Inside MongoDB Dublin: The Heart of Our International Growth Innovating with MongoDB | Customer Successes, February 2026 Building a Movie Recommendation Engine with Hugging Face and Voyage AI Edge AI Made Easy: MongoDB and ObjectBox Data Synchronization MongoDB.local San Francisco 2026: Ship Production AI, Faster Vision RAG: Enabling Search on Any Documents That’s a Wrap! MongoDB’s 2025 in Review & 2026 Predictions Token-count-based Batching: Faster, Cheaper Embedding Inference for Queries MongoDB Announces Leadership Transition Cars24 Improves Search For 300 Million Users With MongoDB Atlas The Cost of Not Knowing MongoDB, Part 3: appV6R0 to appV6R4 The 10 Skills I Was Missing as a MongoDB User Innovating with MongoDB | Customer Successes, October 2025 Smarter AI Search, Powered by MongoDB Atlas and Pureinsights Top Considerations When Choosing a Hybrid Search Solution Endian Communication Systems and Information Exchange in Bytes MongoDB SQL Interface: Now Available for Enterprise Advanced From Niche NoSQL to Enterprise Powerhouse: The Story of MongoDB's Evolution Carrying Complexity, Delivering Agility MongoDB is a Glassdoor Best-Led Company of 2025 Build AI Agents Worth Keeping: The Canvas Framework Simplify AI-Driven Data Connectivity With MongoDB and MCP Toolbox MongoDB Community Edition to Atlas: A Migration Masterclass With BharatPE Modernizing Core Insurance Systems: Breaking the Batch Bottleneck MongoDB.local NYC 2025:定义 AI 时代的理想数据库 MongoDB.local NYC 2025: Defining the Ideal Database for the AI Era MongoDB.local NYC 2025: Definiendo la base de datos ideal para la era de la IA MongoDB.local NYC 2025 : définir la base de données idéale à l'ère de l'IA MongoDB.local NYC 2025: Definindo o Banco de Dados Ideal para a Era da IA MongoDB.local NYC 2025: AI 시대를 위한 이상적인 데이터베이스 정의 MongoDB.local NYC 2025: Definition der idealen Datenbank für das KI-Zeitalter MongoDB.local NYC 2025: Definire il database ideale per l'era dell'AI Hommage à l’excellence : MongoDB Global Partner Awards 2025 Wir feiern Spitzenleistungen: MongoDB Global Partner Awards 2025 Celebrating Excellence: MongoDB Global Partner Awards 2025 庆祝卓越:MongoDB 全球合作伙伴奖 2025 Celebrando la Excelencia: Premios Globales de Emparejar de MongoDB 2025 Começando a destacar a excelência: MongoDB GlobalPartner Services 2025 Celebrare l'eccellenza: MongoDB Global Partner Awards 2025 우수성을 기념하기: 2025년 MongoDB 글로벌 파트너 어워드 The Future of AI Software Development is Agentic MongoDB Queryable Encryption Expands Search Power Supercharge Self-Managed Apps With Search and Vector Search Capabilities Potencie las aplicaciones autogestionadas con capacidades de búsqueda y búsqueda vectorial
Charting a New Course for SaaS Security: Why MongoDB Helped Build the SSCF
Boris Sieklik · 2025-09-30 · via MongoDB | Blog

The way companies everywhere work is powered by SaaS. From collaboration tools to critical infrastructure, organizations rely on SaaS applications to drive their business forward. But this widespread adoption has created a significant security blind spot. How can you ensure every one of these applications is configured securely when they all offer different settings, capabilities, and levels of visibility?

This inconsistency creates friction, wastes resources, and ultimately, exposes businesses to unnecessary risk.

At MongoDB, we believe that securing the SaaS ecosystem is a shared responsibility. That's why we were proud to collaborate with the Cloud Security Alliance (CSA) and industry leaders like GuidePoint Security to develop a new standard—the SaaS Security Capability Framework (SSCF).

The problem: A gap in cloud security

For years, the majority of security assessments have focused on the SaaS provider's organizational security, often through frameworks like SOC 2 or ISO 27001. While essential, these frameworks don't always address a critical question: what security capabilities are available to the SaaS customer within the application?

This gap means that security teams face a chaotic landscape. Every new SaaS app brings a different set of configurable controls for logging, identity management, and data access. This makes it nearly impossible to implement and track consistent security policies at scale, leading to a burdensome assessment process for everyone involved.

The solution: A common framework for SaaS security

The SSCF was created to solve this problem by establishing a clear, technical set of customer-facing security controls that SaaS vendors should provide. The framework is designed to empower customers by ensuring they have the tools they need to operate applications securely at scale on their side of the Shared Security Responsibility Model (SSRM).

The framework helps with many use cases, but three key audiences stand out:

  • For risk management teams: The SSCF provides a clear baseline to use during vendor assessments, simplifying procurement.

  • For SaaS security teams: It offers a checklist for implementing the security features enterprises expect, streamlining the security program.

  • For SaaS vendors: The SSCF standardizes assessment responses, reducing the overhead of custom questionnaires and helping vendors meet customer requirements.

The SSCF focuses on six critical domains, aligned with CSA’s Cloud Control Matrix, providing specific and actionable controls for each:

  1. Change Control and Configuration Management (CCC): Ensuring you can programmatically query and get documentation on all security configurations.

  2. Data Security and Privacy Lifecycle Management (DSP): Giving customers control over features like disabling file uploads to prevent malicious code.

  3. Identity and Access Management (IAM): Providing robust, modern controls for user access, including SSO enforcement, non-human identity (NHI) governance, and a dedicated read-only security auditor role.

  4. Interoperability and Portability (IPY): Giving administrators control over mass data exports and visibility into application integrations.

  5. Logging and Monitoring (LOG): Defining a clear set of comprehensive requirements for machine-readable logs with mandatory fields for effective threat detection and forensics.

  6. Security Incident Management (SEF): Requiring a simple, effective way for vendors to notify a designated customer security contact during an incident.

MongoDB's commitment to a more secure ecosystem

Our involvement in creating the SSCF stems from our deep commitment to the security of our customers' data and the broader developer community. We believe that robust security shouldn't be an afterthought; it must be built in and easy to consume. The principles outlined in the SSCF—like strong identity controls and comprehensive logging—are philosophies we already built into our own data platform.

Strong security capabilities allow our customers to build and innovate faster and more securely, knowing they have a reliable foundation. And personally, as a co-chair of the CSA SSCF, I’ve seen great excitement and engagement on the part of our working group—which helped me realize how many companies are affected by this lack of consistency.

The SSCF is a vital step toward creating a more trusted, efficient, and secure global SaaS ecosystem. We are thrilled to have been a part of this foundational work and will continue to champion this standard that empowers developers and security teams alike.

Visit our security page to learn more about how MongoDB helps protect your data.